Tuesday, March 7, 2017

Pole Cam Issue Flagged as Possible Spy Tool

Pakistan has raised concerns that India’s tallest ever flag, which can be seen from Lahore, could be used for “spying”.

India erected a 110 metre (360 feet) high flag at the Attari Border in the northern state of Punjab, prompting Pakistan to accuse its neighbour of violating international treaties.

Pakistan has complained to the Border Security Force and raised suspicions that hidden cameras may be installed on the flag pole for spying purposes.

High Flying Corporate Espionage Lawsuit

Panasonic Avionics plans to seek immediate dismissal of a lawsuit filed by software company CoKinetic Systems, which claims PAC employed unlawful means to monopolize the market for IFE software and media services on the IFE hardware it supplied to airlines...

The firm’s suit, filed in the US District Court for the Southern District of New York, alleges that Panasonic Avionics willfully violated open source licensing requirements, breached contractual obligations to CoKinetic, abused FAA regulatory processes, conducted corporate espionage, and defamed CoKinetic and sabotaged its products...

Separately, Panasonic Corp on 2 February revealed in a stock exchange filing that the DOJ and SEC are probing PAC’s sales activities, and said it had begun talks with authorities to try to resolve the matter... PAC’s CEO and CFO departed the company last month.

Thursday, March 2, 2017

Spycam News: A Darwin Award to Another Spy Who Shot Himself

OH - Judge Robert Peeler sentenced a former Deerfield Township maintenance man to four years in prison, for putting hidden cameras in women's apartments. 

Gerald Rowe will also have to register as a Tier 1 sex offender. Rowe worked at the Steeplechase Apartments in Deerfield Township. A woman called police after finding one of his hidden cameras in the vent of her bathroom in May 2016, according to Prosecutor David Fornshell.

Warren County Sheriff's Office detectives found videos from four other apartments from February through May.

Rowe mounted the cameras to get video of the women undressed. One of the videos shows Rowe's face while installing the camera.

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs.

Researchers at the University of Washington (UW) have pioneered a technique where everyday objects can be embedded with transmitters that piggyback ambient FM signals to send data to nearby smartphones and radios using almost no power. 

The technique makes use of backscattering, which is the reflection of waves, particles, or signals back in the direction they came from. The system uses a low-power reflector to encode specific audio or data on top of reflected signals from an existing FM broadcast, with the data sent on an adjacent band so as not to interrupt any current radio transmissions.

The key benefit of the technology is that it has an extraordinarily low level of power consumption, meaning that it can easily be incorporated into everyday objects at a low cost...



The antennas are made of thin copper tape and can be simply embedded into objects like advertising posters or articles of clothing. Initial demonstrations of the technique showed the total power consumption of a transmitter embedded into a poster to be as little as 11 microwatts – an output that could run uninterrupted off a small coin-cell battery for two years...

The UW team has produced two working proof-of-concept prototypes demonstrating the technology. The first was dubbed a "singing poster" that transmitted portions of a band's music to a smartphone up to 12 ft (3.6 m) away, or a car up to 60 ft (18 m) away.

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs. The traditional police "wire" invisibly woven into undercover investigators' clothing.  ~Kevin

Tuesday, February 28, 2017

Las Vegas Constable Gambles—Pleading Not Guilty to Wiretapping

Former Las Vegas Township Constable John Bonaventura pleaded not guilty Tuesday to theft and wiretapping charges.

An indictment accuses Bonaventura, 54, of wrongfully increasing an employee’s salary to repay a personal debt. It also accuses him of secretly recording phone calls from newspaper reporters, lawyers, a judge and at least one Clark County commissioner. Along with one count of theft, Bonaventura faces one count of misconduct of a public officer and four counts of unlawful interception of wire communications, all felonies.

Background: In March 2013, the Clark County Commission unanimously voted to abolish the Las Vegas constable’s office... Bonaventura told others that he wanted to bleed the office dry of all its assets before it was abolished in January 2015.

Macbook Anti-Spyware App - Reveals Video & Audio Spying

After reading about how hackers have taken control of a MacBook's iSight camera to spy on the person sitting in front of it, you might start to get a feeling that someone is watching you... Making matters worse, hackers have been able to spy on people without triggering the little green light that tells you your iSight camera is active...
...monitor your iSight camera so you know when it's being used. MacOS doesn't let you do this natively, so you'll need to turn to a third-party app: OverSight.

OverSight is a free app that installs quickly and places an icon in your menu bar to let you know it's running. Other security apps from the same developer.

A Solution to Dog-With-A-Bone Phoneaddicts

Dog-With-A-Bone Phoneaddicts are everywhere: at corporate meetings/events, concerts, expensive social gatherings, movie theaters, classrooms, lecture halls, even family dinner tables. The list is endless, others become furious, and speaking out could be injurious.

Temporary separation of the bonephone from the addict results in growling and snarling.

[Image caption: The only way to unlock Yondr's phone case is to tap it on the unlocking station. Photo: Jarrard Cole / The Wall Street Journal]

There is a better solution... Yondr.

"As people enter the venue, their phones will be placed in Yondr cases. Once they enter the phone-free zone, the cases will lock. Attendees maintain possession of their phones and are now free to enjoy the experience without distraction... If at any point attendees need to use their phones, they simply step outside of the phone-free zone to unlock the case."

It's a good compromise.
Simple. Easy. Effective.

Security Director Alert: The USB Leech

If you see this, call us...

"The LAN Turtle is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle monitoring capabilities.

Housed within a generic "USB Ethernet Adapter" case, the LAN Turtle’s covert appearance allows it to blend into many IT environments."
----
"This is insane. No one at my work would notice this!"
-Pentest with Hak5 Student

Talking Doll Hack Exposes 2.2 Million Voice Recordings...

...thus busting the old proverb that children should be seen but not heard.

A security vulnerability allowed anyone to view personal information, photos and recordings of children's voices from CloudPets (A Message You Can Hug™) toys. And at one point, some people tried to hold all of that information for ransom.

According to a report compiled by security researcher Troy Hunt, over 820,000 user accounts were exposed. That includes 2.2 million voice recordings.

"I suspect one of the things that will shock people is that they probably didn't think through the fact that when you connect the teddy bear, your kids' voices are sitting on an Amazon server," Hunt said. Plus: A brief history of creepy talking toys!

Friday, February 24, 2017

Optical Spying Through Office Windows

With talented hackers able to break into just about any device that's connected to the internet, from a computer to a car, the best way to keep sensitive data safe is to cut the cord completely.

Keeping an "air gap" between a hard drive and other devices forces any would-be thief to physically go to the machine ... or so you might think. Cyber security researchers have shown that hackers could hijack the innocent flashing LED on the outside of a computer, and use it to beam a steady stream of data to a waiting drone.

...digital criminals can be extremely crafty, using acoustic signals to jump the air gap between devices from a distance or untangling typed text by listening via Skype to the clickety-clack of a keyboard.

Now, a team at the Ben-Gurion University Cyber Security Research Center has demonstrated a new way that creative crooks could crack that isolated data. A piece of malware infecting an air-gapped computer could harness the hard drive's LED, making it flash in a very controlled and very fast manner. Flickering thousands of times a second, the virus could blink out a binary code of the desired data, at a rate that a human sitting at that computer wouldn't even notice. Special cameras or light sensors – say from a drone hovering at the window, with a line of sight to the LED – could then receive and record that information.

Spybusters Tip #792: External visual surveillance through windows is easy using high-powered optics, or even cameras on drones. Keep computer screens, and their blinky lights, away from external line-of-sight. 

Spybusters Tip #793: Enforce a "Clear Desk Policy" when sensitive information is not actively being used. ~Kevin

Wednesday, February 22, 2017

Flexi Morality - Expanded Cell Phone Spyware Laws Introduced

On three occasions this week, I asked a FlexiSpy salesperson a simple question: If I wanted to, could I use their spyware to snoop on my wife's cellphone without her knowing? The answer each time was yes. 

When asked if it was legal, they responded with a canned disclaimer explaining it was necessary to get the permission of the target. But what if I didn't want my wife to know? They could help me anyway...

[Image caption: Detect phone warming caused by spyware. (for clients only)]

Even though I started each conversation telling the FlexiSpy salesperson I was a FORBES reporter, they were happy to offer suggestions about how one could install the app without permission of the target. One said I could "sneak to get her phone" and then install, a process that FlexiSpy would guide me through. He sought to allay any fears about getting caught, noting there was no icon and it would operate silently...

Meanwhile, lawmakers are seeking to expand laws that punish unwarranted, secret surveillance. Last week, Senators Ron Wyden, Jason Chaffetz and John Conyers introduced The Geolocation Privacy and Surveillance (GPS) Act. Specifically, it creates criminal penalties for "surreptitiously using an electronic device to track a person's movements that parallel the penalties that exist for illegal wiretapping."

Howard Stern Sued for Eavesdropping on IRS Phone Call

Howard Stern is being sued for airing live a phone call that a woman thought she was having privately with an IRS agent. 

Stern was sued by Judith Barrigas on Monday for airing a 45-minute conversation that she had with IRS Agent Jimmy Forsythe, according to The Hollywood Reporter...

Before Barrigas was connected to Forsythe, though, the agent was on another line with Stern's show. He put the Stern show on hold to take the call with Barrigas.

Someone on Stern’s show was able to listen in on the Barrigas-Forsythe phone conversation and was apparently so intrigued by it that they decided to air the dialogue live on the radio show. 

The show, which has 30 million subscribers, shared Barrigas’ phone number on the air...

Tuesday, February 21, 2017

Business Espionage: Operation BugDrop - Major Eavesdropping Operation Using PC Microphones to Bug Targets

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX.

Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it's retrieved by the attackers. The researchers have dubbed the campaign Operation BugDrop because of its use of PC microphones to bug targets and send the audio and other data to Dropbox.

"Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources," the CyberX researchers wrote. (Heads up. This hasn't hit hard in the Western Hemisphere yet, but be prepared.)

Spybusters Tip #832: First line of defense... Disable macros on your Word software. Don't turn it back on if prompted to do so by something arriving in your email. ~Kevin

Monday, February 20, 2017

Revenge of the IT Guy (Case #254)

A sacked system administrator has been jailed...

after hacking the control systems of his ex-employer – and causing over a million dollars in damage. 

Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine's Day 2014 he was let go.

He didn't take that lying down, and spent the next two weeks rifling through the firm's systems and wreaking havoc from his home. 

Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated.

Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems.

[Image caption: Artist's conception.]

His target was the firm's Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production.

[Video caption: Mr. Johnson's emotions imagined as music inside his head.]

Czech Mate, or Here's Looking at You Id

Forty-foot statue of David Black Trifot is part of a new multi-genre space outside the city Photo Czech Centre, which is now open to the public.